Due to widespread defacement of project wikis, we have been forced to tighten security on Tigris.Org a bit. As of yesterday, users who are merely “Observers” in a project are no longer able to edit wiki pages. Project Owners who still want to grant widespread edit rights may add the new “Wiki Contributor” role along with “Observer,” to get the same permissions as before.
Why did we do this?
Well, you know … spam!
Over the last month or so, many projects have seen a rise in defacement of their wikis, by users with various fanciful names.
But Wikipedia isn’t so restrictive!
That’s true (though they’ve become somewhat stricter of late, and that trend may continue). But Wikipedia is a single wiki, with thousands of editors watching for this sort of thing. Tigris, on the other hand, is thousands of separate wikis, many with no editors actively watching them at all. The policies of each project are the responsibility of the Project Owner; central oversight and policy only comes into play at times like these, when there is widespread and unambiguous abuse.
How bad is it?
The defacements we’ve found to date are commercial / “warez” level spam, advertising businesses, some of whom have a less-than-obvious legal position, but none of which are pornographic or violent or otherwise deeply offensive. Similarly, we have not found any cases where the legitimate content of the wiki was damaged, only links to off-site web servers were added.
What can we do to clean up?
Every Project Owner should take a look over their project wiki for defacement. If it’s found, you’ll want to remove it; the “Page Information” link will be a handy way to do that. Page Information will also show you the user names of the culprits. You might want to rescind their membership in your project (although the security change I’ve mentioned here should be enough to prevent further defacement by Observer members).